The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Let's Encrypt Renewals

Discussion in 'Security' started by mgastkemper, Feb 22, 2017.

Tags:
  1. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    I've set up Let'sEncrypt, but I ran into rate limits. I found out that certificates are renewed every day. Search for [removed] on crt.sh | Certificate Search

    The plugin seems to be up to date:
    Code:
    $ /scripts/install_lets_encrypt_autossl_provider
    Loaded plugins: fastestmirror, langpacks, universal-hooks
    Loading mirror speeds from cached hostfile
     * EA4: 185.69.232.245
     * extras: centos.mirror.triple-it.nl
     * updates: centos.mirror.triple-it.nl
    Package cpanel-letsencrypt-2.15-7.1.noarch already installed and latest version
    It seems the renew attempt is done every day.
     
    #1 mgastkemper, Feb 22, 2017
    Last edited by a moderator: Feb 22, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @mgastkemper,

    I've moved this post into it's own thread.

    Could you let us know the specific error message you notice regarding the rate limits under the "Logs" tab in "WHM >> Manage AutoSSL"?

    Thank you.
     
  3. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    The error in the AutoSSL logs:

    Code:
    The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-cert” indicated an error: “Error creating new cert :: Too many certificates already issued for: usesfifthgear.com (The request exceeds a rate limit)” (429, “Unknown”, urn:acme:error:rateLimited).
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look and verify how many domain names are associated with the account, and determine why it reached the rate limit? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    I've opened a support ticket: 8258177
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Per the support ticket, it looks like the following rate limit was met with Let's Encrypt for the affected account:

    Have you considered switching from Let's Encrypt to cPanel-signed (through Comodo) to avoid this particular rate limit?

    Thank you.
     
  7. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    cPanel filed an issue for this problem: CPANEL-11532. They gave no ETA. The following line is copied from there reply: "I have filed CPANEL-11532 in regards to Let's Encrypt rate limiting you due to repeatedly replacing the same certificates on a daily basis due to DNS failures for the subdomains that additional coverage is possible for".
     
    #7 mgastkemper, Feb 27, 2017
    Last edited: Feb 28, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, the case number is CPANEL-11532. I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.
     
    mgastkemper likes this.
Loading...

Share This Page